<?php
include "header.php";
session_start();

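// Access check: only sessions flagged as admin may use this page.
// The loose comparison is kept from the original because the value written
// at login is not visible in this file.
if (!isset($_SESSION['admin']) || $_SESSION['admin'] != 1) {
	// Redirect to the site root instead of the Referer header: Referer is
	// supplied by the client, may be absent, and may point to another site.
	header("Location: " . getBasePath());
	// A Location header by itself does not stop the script. Without exit the
	// delete handler below would still run for non-admins; exit also keeps the
	// check effective if the header cannot be sent.
	exit;
}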

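// Per-session anti-CSRF token: embedded in the confirmation form below and
// required on the POST that performs the delete.
if (empty($_SESSION['delete_person_token'])) {
	$_SESSION['delete_person_token'] = bin2hex(random_bytes(32));
}

if (isset($_POST['del'])) {
	$sentToken = isset($_POST['delete_person_token']) ? $_POST['delete_person_token'] : '';

	// hash_equals compares in constant time; the is_string guard rejects
	// array-valued parameters before they reach it.
	if (!is_string($sentToken) || !hash_equals($_SESSION['delete_person_token'], $sentToken)) {
		http_response_code(403);
		echo "<div id='delete_form'>This request could not be verified. Please go back and try again.</div>";
	} elseif (isset($_POST['id'])) {
		// add code here to actually delete the person and all their jobs from the database (this scares the shit out of me)
		// 											me too -chris
		// NOTE(review): when this is implemented, validate $_POST['id'] against
		// the expected id format and pass it to a prepared statement as a bound
		// parameter; never concatenate it into the SQL text.
		header("Location: " . getBasePath());
		exit; // stop here so nothing else runs or is rendered after the redirect
	}
} else {
	// POST keeps the delete out of plain links and image tags, but another site
	// can still submit a form on the admin's behalf, so the form also carries
	// the session token checked above.
	$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

	// Both values land inside single-quoted HTML attributes, so quotes must be
	// escaped as well as angle brackets.
	$safeId = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
	$safeToken = htmlspecialchars($_SESSION['delete_person_token'], ENT_QUOTES, 'UTF-8');

	// The cancel button uses history.back() so that no client-supplied value
	// (previously the Referer header) is written into inline JavaScript.
	echo "
	<div id='delete_form'>
	Are you completely sure that you want to delete this person from the database (they will be gone forever)?
	<form action='delete_person.php' method='post'>
		<input type='hidden' name='del' value='yes'>
		<input type='hidden' name='delete_person_token' value='" . $safeToken . "'>
		<input type='hidden' name='id' value='" . $safeId . "'>
		<input type='submit' value='Yes, delete this person' style='color:#c00'>
		<input type='reset' value='No, keep this person' style='margin-left: 50px; color: #0c0' onclick=\"history.back(); return false;\">
	</form>
	</div>";
}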

include "footer.php";
?>
